As a company you’re legally compelled to comply with warrants. There’s not really anything you can do about it if you want to do business.
Anything they have they can give. The contents of the inbox/email were encrypted and not given. Even if they gave it the encrypted data is useless. Proton also doesn’t have the keys to decrypt your data.
What they did have were his name. Likely set by himself, or through the payment. This data is not encrypted and only accessible by the users as they ( proton )would need to legally hold onto it.
Any service email service you want to use will fall under these requirements. Maybe if you find one outside of the EU region it’ll be harder for the law to get their hands on it. Or if you never use your real name and find a service that allows crypto as payment it might be harder. Unless they can track the crypto back to you somehow.
Proton didn’t do anything any business wouldn’t have had to do. They had to give the bare minimum they had to store for legal purposes.